Jann Haber <jann.haber@xxxxxxxxxx> wrote:
> while it is loading. When I put the same rules all in one file and load
> it, I can see all packets of a ping pass with no problem.

Hmm, that doesn't work for me, but I do see the 'ping loss'.

I suspect it's the 'drop' policy, combined with too early wire-up of the
base chain. I regret nft has 'policy', too late to rip it out however :-/

I will look into this, probably Wednesday and should have a patch later
this week.

I have a half-complete patch to move objects into a hash table so restore
times should go down a lot, I will finish this first before moving to the
packet loss issue.

Out of curiosity, how long does time 'nft -f your_ruleset' take?